From 96624a15d3b18df8743ee2bf4ef1509df07489b5 Mon Sep 17 00:00:00 2001
From: "Rodrigo Rodriguez (Pragmatismo)" <me@rodrigorodriguez.com>
Date: Mon, 26 Jan 2026 11:44:38 -0300
Subject: [PATCH] docs(containers): add brother mode configuration and lxd-sock
 proxy details

---
 src/01-introduction/installation.md | 23 +++++++++++++++++++++++
 src/04-gbui/ui-structure.md         | 15 +++++++++++++++
 src/07-gbapp/containers.md          | 18 ++++++++++++++++++
 3 files changed, 56 insertions(+)

diff --git a/src/01-introduction/installation.md b/src/01-introduction/installation.md
index ed84d6bb..45442779 100644
--- a/src/01-introduction/installation.md
+++ b/src/01-introduction/installation.md
@@ -177,6 +177,29 @@ Requires CUDA installed and 12GB+ VRAM.
 | **Local** | Development, single instance | This page |
 | **Docker** | Production, microservices | [Docker Deployment](../chapter-07-gbapp/docker-deployment.md) |
 | **LXC** | Isolated components, Linux | [Container Deployment](../chapter-07-gbapp/containers.md) |
+| **Brother Mode** | Container managing host containers | See below |
+
+### Container-on-Host (Brother Mode)
+
+You can run `botserver` inside a container (Docker/LXC) while letting it manage other containers directly on the host system. This is useful for CI/CD pipelines or managing "host" deployment from a restricted environment.
+
+**Requirements:**
+- Mount host's LXD socket to container
+- Run container as privileged (if accessing host devices)
+
+**Docker Run Example:**
+```bash
+docker run -d \
+  --name botserver \
+  --network host \
+  --privileged \
+  -v /var/lib/lxd/unix.socket:/var/lib/lxd/unix.socket \
+  -e VAULT_ADDR="https://127.0.0.1:8200" \
+  -e VAULT_TOKEN="<your-token>" \
+  botserver:latest
+```
+
+The installer detects if it is running in a container but needs to manage the host (brother mode) and will configure the host's LXD/LXC environment safely.
 
 > ⚠️ **IMPORTANT**: Container create commands (`botserver install ... --container`) must be run from the **host system**, not inside a container.
 
diff --git a/src/04-gbui/ui-structure.md b/src/04-gbui/ui-structure.md
index bcd91c54..32e3f4fb 100644
--- a/src/04-gbui/ui-structure.md
+++ b/src/04-gbui/ui-structure.md
@@ -99,6 +99,21 @@ For Tauri desktop builds, `tauri.conf.json` specifies the frontend distribution:
 }
 ```
 
+### Asset Serving Strategy
+
+BotUI supports two methods for serving static assets:
+
+1.  **FileSystem (Default)**: Reads files from `./ui/` directory at runtime. Best for development as changes are reflected immediately.
+2.  **Embedded (`embed-ui`)**: Compiles all assets into the binary using `rust-embed`. Best for CI/CD and single-file distribution.
+
+To enable embedded assets:
+
+```bash
+cargo build -p botui --features embed-ui
+```
+
+The CI pipeline automatically enables this feature, producing a standalone `botui` binary that requires no external `ui/` folder.
+
 ### Routing
 
 Both interfaces can be served simultaneously with different routes:
diff --git a/src/07-gbapp/containers.md b/src/07-gbapp/containers.md
index 828c422e..572232e2 100644
--- a/src/07-gbapp/containers.md
+++ b/src/07-gbapp/containers.md
@@ -166,6 +166,24 @@ lxc exec default-tables -- pg_dump -U gbuser botserver > backup.sql
 psql -U gbuser botserver < backup.sql
 ```
 
+## Brother Mode Configuration
+
+If you are running `botserver` itself inside a container (e.g., LXC or Docker) but want it to manage other LXC containers on the host ("Brother Mode"), you must expose the host's LXD socket.
+
+### Required LXD Profile
+
+To allow child containers to communicate with the host LXD daemon, add the `lxd-sock` proxy device to the default profile. This maps the host's socket to `/tmp/lxd.sock` inside the container, avoiding conflicts with missing `/var/lib/lxd` directories in standard images.
+
+```bash
+lxc profile device add default lxd-sock proxy \
+  connect=unix:/var/lib/lxd/unix.socket \
+  listen=unix:/tmp/lxd.sock \
+  bind=container \
+  uid=0 gid=0 mode=0660
+```
+
+> **Note**: The `botserver` installer attempts to configure this automatically. If you encounter "socket not found" errors, verify this proxy device exists.
+
 ## See Also
 
 - [Installation](../chapter-01/installation.md) - Local setup